cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Identity sharing in a split R77/R80 environment

Approximately halfway complete with migration to R80.10 from R77.30.  Have encountered errors related to identity awareness, and what appears to be identity sharing that's failing between gateways running R77.30 vs R80.10.  This is causing one segment of my users to be unable to connect to the Internet.  From what I've found so far it looks to be due to the fact that identity sharing services are not implied between the 2 versions, therefore tcp/15105 and tcp/28581 are blocked by the R80.10 gateways.  We are using the identity collector for the R80.10 gateways, AD Query in R77.30 with a distributed environment with PEPs and PDPs.  Can anyone speak to a recommended workaround until I'm able to migrate the remaining gateways to R80.10? 

0 Kudos
7 Replies
Admin
Admin

Re: Identity sharing in a split R77/R80 environment

The underlying identity sharing mechanism between R77.30 and R80.10 isn't different.

This SK might be worth looking at, though: In a Cluster environment, Identity propagation does not occur between an Identity Server (PDP) and I... 

0 Kudos
Admin
Admin

Re: Identity sharing in a split R77/R80 environment

I didn't realize this message was under one of the private user groups.

Mind if I move this to a more general area like General Product Topics‌ so others can comment?

0 Kudos

Re: Identity sharing in a split R77/R80 environment

Not at all. I didn't realize it was set to private either. Rookie move on my part

0 Kudos
Admin
Admin

Re: Identity sharing in a split R77/R80 environment

No worries, it's out in the public now.

0 Kudos

Re: Identity sharing in a split R77/R80 environment

Hi Gary,

Would I be correct in assuming that you may have resolved this now?

Cheers

Mark

0 Kudos

Re: Identity sharing in a split R77/R80 environment

Hi Mark,

Until I hear otherwise from my users, I'm going with yes Smiley Happy  I did modify my R80 policies to allow identity sharing with the R77 gateways.  Also pushing to complete these upgrades sooner rather than later, and some of our domain controllers are moving which will require more changes to our configuration.  Never boring here.

Thanks, 

Gary

Re: Identity sharing in a split R77/R80 environment

Hi Gary, 

Good to hear. Smiley Happy Sounds like all fun there, it'll keep you busy. 

If you need any further assistance, just shout. 

Regards

Mark

0 Kudos